On Jun 5, 2019, at 3:17 AM, Mohit Sethi M <mohit.m.se...@ericsson.com> wrote:
>
> Chair hat on:
>
> The draft needs to be formally adopted as a working group item before moving
> to last call.

It would be nice, but I don't think that's strictly necessary for the process. The subject is already a WG charter item, so there should be no issues.

> Chair hat off:
>
> I support the adoption of this draft as a working group item. This is a
> charter item and the draft is simple enough to move forward rather quickly.
> The code has been updated in the wpa_supplicant and hostapd:
> https://w1.fi/cgit/hostap/commit/?id=1c16b257a081e810caf2ca0926ff4f9e2bb9557c
>
> https://w1.fi/cgit/hostap/commit/?id=5eefa8115b884f8ab45ac6521f66dc68f555dcd0
>
> John provided a review here:
> https://mailarchive.ietf.org/arch/msg/emu/fHopSdLqMY37odPGvwn7M5ZksIw
>
> and Jouni made a comment here:
> https://mailarchive.ietf.org/arch/msg/emu/MX7P367g4j2c3yuyqch3W-I3u_o
>
> I have a couple of comments:
>
> I think it would really help to document the fact that the Session-Id length
> for EAP-SIM is different for full authentication and fast re-authentication.
> That's because for full authentication, the Session-Id is:

Sure.

> >> Session-Id = 0x12 || RAND || NONCE_MT
> and RFC 4186 says that EAP server should obtain n GSM triplets where n = 2 or
> n = 3. So the length is either:
>
> 1 (Method-Id) + 32 (RAND*2) + 16 (NONCE_MT) = 49 or
>
> 1 (Method-Id) + 48 (RAND*3) + 16 (NONCE_MT) = 65.
>
> However, in fast-reauthentication, the Session-Id is:
>
> >> Session-Id = 0x12 || NONCE_S || MAC
> So the length is:
>
> 1 (Method-Id) + 16 (NONCE_S) + 16 (MAC) = 33
>
> I found it surprising while implementing that the Session-Ids were different
> in lengths.
>
> My next question is about Session-Id for PEAP. The draft currently defines
> Session-Id for EAP-PEAP as:
>
> >> Session-Id = 0x19 || client.random || server.random).

Which is for TLS 1.2 and below.

> Do you plan to update this for TLS 1.3 and use TLS-Exporter in your other
> draft: draft-dekok-emu-tls-eap-types? Do we need to do this twice in
> separate drafts?

draft-dekok-emu-tls-eap-types already updates the Session-ID for all TLS-based EAP types, including PEAP. The issues are (a) update missing derivations for TLS <1.2, and (b) define new derivations for TLS 1.3.

So yes, we update PEAP twice.

Alan DeKok.
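
The two EAP-SIM Session-Id constructions quoted in this thread, written out as an added example (not code from the messages, the draft, or hostap). It builds each form with input-length checks and shows that a consumer can tell full authentication from fast re-authentication by length alone. The function names are hypothetical and the sample values are constructed.

```python
# Added example: EAP-SIM Session-Id forms quoted in the thread.
# Function names are hypothetical; all sample values are constructed.
EAP_TYPE_SIM = 0x12   # Method-Id byte used in the thread
RAND_LEN = 16         # one GSM RAND per triplet
NONCE_LEN = 16        # NONCE_MT and NONCE_S
MAC_LEN = 16          # MAC value


def _check(name, value, length):
    if len(value) != length:
        raise ValueError(f"{name} must be {length} bytes, got {len(value)}")


def sim_session_id_full(rands, nonce_mt):
    """Full authentication: 0x12 || RAND || NONCE_MT, RAND = n RANDs, n in {2, 3}."""
    if len(rands) not in (2, 3):
        raise ValueError("EAP-SIM uses n = 2 or n = 3 GSM triplets")
    for i, rand in enumerate(rands):
        _check(f"RAND[{i}]", rand, RAND_LEN)
    _check("NONCE_MT", nonce_mt, NONCE_LEN)
    return bytes([EAP_TYPE_SIM]) + b"".join(rands) + nonce_mt


def sim_session_id_fast_reauth(nonce_s, mac):
    """Fast re-authentication: 0x12 || NONCE_S || MAC."""
    _check("NONCE_S", nonce_s, NONCE_LEN)
    _check("MAC", mac, MAC_LEN)
    return bytes([EAP_TYPE_SIM]) + nonce_s + mac


def classify_sim_session_id(session_id):
    """Identify which derivation produced a Session-Id, using only its length."""
    if not session_id or session_id[0] != EAP_TYPE_SIM:
        raise ValueError("not an EAP-SIM Session-Id")
    kinds = {33: "fast-reauth", 49: "full, n=2", 65: "full, n=3"}
    if len(session_id) not in kinds:
        raise ValueError(f"unexpected EAP-SIM Session-Id length {len(session_id)}")
    return kinds[len(session_id)]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real exchange.
    rands = [bytes([0xA0 + i]) * RAND_LEN for i in range(3)]
    nonce_mt, nonce_s, mac = b"\x01" * 16, b"\x02" * 16, b"\x03" * 16
    for sid in (sim_session_id_full(rands[:2], nonce_mt),
                sim_session_id_full(rands, nonce_mt),
                sim_session_id_fast_reauth(nonce_s, mac)):
        print(len(sid), classify_sim_session_id(sid), sid.hex())
```

Code that stores or compares EAP-SIM Session-Ids should therefore treat them as variable-length byte strings rather than assuming a fixed size.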